{"id":26532,"library":"tsec","title":"tsec - Trusted TypeScript Compiler","description":"tsec is a static analysis tool built on the TypeScript compiler that validates code against Trusted Types compliance. At version 0.2.9, it provides extended compiler checks to enforce Trusted Types, a browser security primitive that mitigates DOM XSS attacks. Unlike runtime polyfills, tsec catches violations at compile time, integrating into the build pipeline without runtime overhead. It requires Bazel build system (with @bazel/bazelisk and @bazel/concatjs) and TypeScript >=3.9.2. Its key differentiator is compile-time enforcement, making it suitable for large codebases where runtime approaches are insufficient.","status":"active","version":"0.2.9","language":"javascript","source_language":"en","source_url":"https://github.com/google/tsec","tags":["javascript"],"install":[{"cmd":"npm install tsec","lang":"bash","label":"npm"},{"cmd":"yarn add tsec","lang":"bash","label":"yarn"},{"cmd":"pnpm add tsec","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Required Bazel build launcher for tsec execution","package":"@bazel/bazelisk","optional":false},{"reason":"Bazel rules for TypeScript compilation used by tsec","package":"@bazel/concatjs","optional":false},{"reason":"Peer dependency for TypeScript compiler, must be >=3.9.2","package":"typescript","optional":false}],"imports":[{"note":"ESM-only since v0.2.0, no CommonJS support.","wrong":"const tsec = require('tsec')","symbol":"default","correct":"import tsec from 'tsec'"},{"note":"Named export for TypeScript config type.","wrong":"const { TSECConfig } = require('tsec')","symbol":"TSECConfig","correct":"import { TSECConfig } from 'tsec'"},{"note":"No subpath exports; all exports are at the package root.","wrong":"import { runTsec } from 'tsec/run'","symbol":"runTsec","correct":"import { runTsec } from 'tsec'"}],"quickstart":{"code":"// tsec configuration in BUILD.bazel\nload(\"@npm//tsec:index.bzl\", \"tsec_test\")\n\ntsec_test(\n    name = \"tsec_test\",\n    srcs = glob([\"src/**/*.ts\"]),\n    tsconfig = \":tsconfig.json\",\n    tsec_config = {\n        \"disallowed\": [\"innerHTML\"],\n        \"allowed\": {\n            \"https://trusted.example.com/script.js\": [\"*\"],\n        },\n    },\n)\n\n// Then run: bazel test //:tsec_test\n","lang":"typescript","description":"Demonstrates tsec usage as a Bazel test rule, enforcing that no code uses .innerHTML without Trusted Types approval."},"warnings":[{"fix":"Integrate Bazel or consider alternative trust-checking tools.","message":"tsec only supports Bazel build system. Non-Bazel users must adapt their build pipeline.","severity":"breaking","affected_versions":">=0.1.0"},{"fix":"Rename 'disallowed' to 'blocked' in your tsec config.","message":"The 'disallowed' config property is deprecated in favor of 'blocked'.","severity":"deprecated","affected_versions":">=0.2.0"},{"fix":"Upgrade Bazel dependencies to minimum versions.","message":"tsec requires @bazel/bazelisk >=1.7.5 and @bazel/concatjs >=5.3.0, which may conflict with older Bazel setups.","severity":"gotcha","affected_versions":"<0.2.0"},{"fix":"Ensure all relevant code is in .ts files.","message":"tsec checks only TypeScript source files; JavaScript or declaration files are not analyzed.","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"Use import syntax or upgrade to ESM-compatible runtime.","message":"ESM-only package; require() will fail. Ensure Node.js project uses ESM or bundler that supports ESM.","severity":"gotcha","affected_versions":">=0.2.0"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Run 'npm install tsec' and ensure peer dependencies are installed.","cause":"Package not installed or missing dependencies.","error":"Error: Cannot find module 'tsec'"},{"fix":"Change to 'import tsec from \"tsec\"' and ensure package.json has 'type':'module'.","cause":"Using require() instead of import (ESM-only).","error":"TypeError: tsec is not a function"},{"fix":"Replace 'disallowed' with 'blocked' in your tsec configuration.","cause":"Config key renamed in newer version.","error":"Error: Unsupported config property 'disallowed' in tsec config"},{"fix":"Add 'load(\"@npm//tsec:index.bzl\", \"tsec_test\")' to your BUILD file.","cause":"Bazel rules not loaded correctly.","error":"Error: Bazel build failed: no such attribute 'tsec_test' in rule"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}